The National Institute of Standards and Technology is readying guidance to help agencies evaluate commercial mobile applications that agency workers might use on government-issued devices or personal apps that access government networks, reports GCN.
The guidelines, Technical Considerations for Vetting 3rd Party Mobile Applications, currently in draft form, aim to help agencies assess a mobile app's security, behavior and reliability (including performance) so that they can determine if the app is acceptable for their environments.
The idea is that rather than being prescriptive, the guide is instructive, letting government officials choose what risks and tests apply to their agencies, said Tom Karygiannis, a NIST computer scientist. "There needs to be more awareness of what the apps actually do, what information they're collecting and how you may put your network at risk," Karygiannis said.
The guide is not a technical manifesto. "It's more of an education for end users who're not part of the IT department," Karygiannis added. "They need to have an awareness of how their security and privacy might be compromised as they use these devices."
Primary examples of things to test, according to the draft, include whether the app protects sensitive data and privacy, is reliable and available, and performs as promised.